Overview
Following on from the Data Protection Act (DPA) which was passed in EU countries in 1998, EU Governments have now adopted the General Data Protection Regulation (GDPR) which will apply throughout the EU from 25th May 2018.
The massive increase in people’s personal data being held on computers by a very wide range of users has seen the need for governments to urgently address the problems and hurt caused by data breaches. This has led them to introduce stringent new penalties for failure to protect data.
The main focus of General Data Protection Regulation (GDPR) will be to legally protect the personal data of all individuals residing within the EU – irrespective of where the company or agency holding the data is based – and includes rules around holding, processing, profiling, maintaining and deleting that data.
Solutions
VS Security Products Ltd manufactures a range of degaussers and crunchers to enable users to be absolutely certain that, at the time when sensitive data has reached the point when it can no longer be legitimately held, the user can not need just to attempt to erase or delete the data, but they can degauss and physically crush it, thus ensuring true permanent destruction.
Sensitive personal data, which relates to information concerning a data subject's racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences, is typically stored on media such as Hard Drives, Storage Tapes, Laptop Hard Drives and Solid State Drives. The data is very difficult to securely erase using software programmes due to the possibility of faults in the media such as bad sectors which software cannot access to delete. Some erasure programmes only erase the top level path to the data rather than the data itself thus leaving the possibility of a skilled hacker accessing the data by other means.
Degaussing is the globally recognised method of securely destroying data stored on magnetic media such as HDD and Tapes. Other devices such as Solid State Drives (SSD) and Memory Sticks need to be crushed. VS Security Products has a range of Degaussers to suit all levels of need whether it is a few HDD occasionally or a constant supply of various media for destruction such as would be acquired by a recycling company or a large Information Technology department. The company also manufactures a desk-top crusher which is a fast and powerful SSD destroyer.
Penalties for failure to comply
The new General Data Protection Regulation (GDPR) applies to all organisations from micro-companies to the very largest employers and public bodies. The Regulation requires all organisations to instigate an audit of current processes and to take appropriate technical and organisational measures to thoroughly protect people’s data. Failure to protect data or not complying with any of the terms of the Regulation can result in a penalty ranging from a written warning to a fine of €100 Million – €200 Million or 4% worldwide turnover (whichever is higher). These penalties far exceed those applicable under the 1998 Data Protection Act (DPA) where the maximum fine was around €570K.
Actions
Companies and organisations need to realise that there is a window of opportunity now, before the legislation becomes effective, for them to devise a plan of action leading them to absolute compliance by the necessary time. It has been suggested that as a minimum they should:
a) Find out what data they hold which is covered by General Data Protection Regulation (GDPR)
b) Set in place a Data Protection Internal Audit Procedure
c) Appoint individuals within the organisation to take responsibility for compliance
d) Explain their lawful basis for having the information
e) Obtain and record the information owners consent to hold it
f) If the information belongs to children they must have simple understandable terms of explanation
g) Have an inspection mechanism in place to allow a person to see the data being held about them
h) Have a set of procedures for how to deal with a data breach
i) Understand the need to, and have a mechanism for, reporting breaches to the Information Commissioner
j) Know who the relevant authority they have to report to in a foreign country if information is held in more than one EU state
k) Have a clear “end of life” destruction procedure for permanently obliterating the obsolete data
Proof of responsible behaviour
VS Security Products’ Degaussers and Crushers feature a unique piece of report writing software specifically designed to help with point k) above, i.e. Proof that an organisation has acted responsibly in relation to its duty to destroy sensitive data, and to comply with the requirements of the General Data Protection Regulation (GDPR).
At the time when a Hard Drive or Backup Tape is being erased on a VS Security Products unit its individual details such as its serial number, owners name, date of erasure etc. are recorded by the special Data Destruction Auditor/Report Writer software. This information can then be produced as a written report either for individual Hard Drives or for a batch of media. The reports can be produced in hard or soft copy and provide the person responsible for data destruction with proof of degaussing. This information will be a strong element of defence when defending against any suggestion of failure to protect data sufficiently.
David Tucker, Director of VS Security Products Ltd says “Our customers are very excited by our Report Writing software. The General Data Protection Regulation has given many IT Directors a wake-up call with regards to how data is dealt with when it is no longer appropriate to be held, and we find them relieved to have this tool to help them prove they have met their responsibilities. At VS Security Products we make desk-top units which are appropriate for the office environment. They are quite simple to use and present a visible, available, onsite solution for controlling data destruction. With our units in place an organisation can destroy a Hard Drive immediately it has been removed from the computer or laptop without having to store it or send it offsite to a third party.”
Conclusion
VS Security Products continues to develop solutions for permanent destruction of data to meet the advances in of ways of storing it. The Company has been addressing the needs of customers such as the NSA, GCHQ, major banks and financial institutions, hospitals and broadcast companies to name but a few, for some 35 years. The products are tried and tested and sold with 3 to 5 years manufacturer’s warranty and lifetime technical support.
The General Data Protection Regulation (GDPR) is being implemented to give people increased protection because of the potential insecurity of the enormous volume of personal data now held on computers and other storage media globally. VS Security Products Ltd is able to offer those responsible for the safe disposal of data, when it is no longer needed or appropriate to be held, a real solution and comfort to help them with their compliance responsibilities.
